Open nsa-it opened 3 years ago
We'd need an HTTP header parser in the code for this to work, which doesn't exist today. I imagine the most performant option would be to add functionality that allows you to select multiple modes for one rule (e.g. HTTP and/or HTTPS).
Hello. I was interested in your project for blocking TLS based on the SNI handshake. I applied it to transit traffic and it worked great, and I also liked that you can add access lists to the /proc system! I have a question.
I know there is a string module for HTTP, but there is no way to add access lists via the /proc system. And setting up rules in the FORWARD chain is very expensive for the performance of transit routing processing.
Is it possible to make such a restriction for HTTP traffic with access lists via the /proc system?